Lab 9.1: Exploit Gloin

Deliverable 1. Provide the Following Information to include commands and screenshots. Create a tech journal page that covers the following.

Target IP Address

10.0.5.31

Open Ports

22
443
3389

Discovered Vulnerability

Found that Online Entrance Exam System has an sql vulnerability

https://10.0.5.31/entrance_exam/take_exam.php?id=%27+UNION+SELECT+1,username||%27;%27||password,3,4,5,6,7+FROM+admin_list;

Line above will dump admin hash

Peer told me to use CrackStation for this step

How you achieved a foothold

I found the exploit for Online Entrance Exam System by using searchsploit and finding a mysql exploit then looking at exploit db and reading what was there.

How you achieved root/Administrative level compromise

I cracked the hash for the admin user and then sshed into the machine using administrator as the user because it’s a windows machine.

User Flag

Root Flag

Overview

I didn't have much trouble with this lab I was very thankful for my peer who told me to use CrackStation instead of trying to other tools. It made this process a lot easier. I did find it very fun to not have much information and having to get a foothold on our own.

PreviousLab 8.2: Reverse Shell NextLab 10.1: Linux - Permission Vulnerabilities

Last updated 1 year ago